Re: 'dpkg' and setuid

["Brian C. White" <bcwhite@verisim.com>]

> > Yes, dpkg can only be run as root.  Generally, it is necessary to use
> > the root password in order to run dpkg.  Running dpkg is limited to
> > people who have the root password.  Craig Saunders suggested having a
> > setuid root program for novices.  Unfortunately, having a setuid
> > program means that anyone can install any program, included a setuid
> > shell.  Having a root password is no longer necessary to do this.
> > Thus the additional security risk.
> 
> that's why i said it should only be executable by those in a special
> group (e.g. a group called 'dpkg').
> 
> The system admin would have to deliberately add a user to the group for
> them to have the permission to run it.
> 
> in other words it is no more of a security hole than dpkg already is.
> i.e. it's as insecure as the system admin chooses to make it.

Wait!

Dpkg is useful as a non-root tool!  I use it all the time with "--status"
and "--listfiles".  Restricting it to a specific group of people would
be detrimental, IMO.
                                             
                                          Brian
                                 ( bcwhite@verisim.com )
                                             
-------------------------------------------------------------------------------
     It's not the days in your life, but the life in your days that counts.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com